Apple's iOS 14.8 Update Fixes Zero-Click Exploit Used to Distribute Pegasus Spyware

Monday September 13, 2021 12:51 pm PDT by Juli Clover

Today's iOS 14.8 update addresses a critical vulnerability that Apple engineers have been working around the clock to fix, reports The New York Times.

nso israeli surveillance firm
Last week, The Citizen Lab informed Apple about a new zero-click iMessage exploit targeting Apple's image rendering library. Called FORCEDENTRY, the exploit could infect an iPhone, iPad, Apple Watch, or Mac with the Pegasus spyware, providing access to the camera and microphone in addition to allowing access to text messages, phone calls, and emails.

FORCEDENTRY was distributed by Israel's NSO Group to governments and various other entities, and The Citizen Lab discovered it after analyzing the ‌iPhone‌ of a Saudi activist. Details were sent to Apple on September 7, and Apple took a week to fix the bug. According to The Citizen Lab, FORCEDENTRY has been in use since at least February 2021.

"This spyware can do everything an ‌iPhone‌ user can do on their device and more," said Citizen Lab senior researcher John-Scott Railton.

Apple lists the fix as CVE-2021-30860, and described it as a maliciously crafted PDF that could lead to arbitrary code execution.

Back in July, a slew of media reports highlighted zero-click iMessage exploits called Pegasus, which were distributed by Israeli surveillance firm NSO Group and were used to target journalists, lawyers, and human rights activists around the world. A database of more than 50,000 people who had been targeted by NSO's clients was made public at the time.

The Pegasus spyware is notable because it skirts BlastDoor, specific iMessage protections that Apple put into place in with the launch of iOS 14. BlastDoor is a sandbox security system for Messages that's designed to prevent exploits like Pegasus, but it's still a work in progress.

Apple told The New York Times that it plans to add spyware barriers to the iOS 15 software update to prevent similar attacks in the future.

Note: Due to the political or social nature of the discussion regarding this topic, the discussion thread is located in our Political News forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Tags: Apple Security, Security

Popular Stories

Multicolored Low Cost A18 Pro MacBook Feature

Apple Accidentally Leaks 'MacBook Neo'

Tuesday March 3, 2026 7:00 am PST by Joe Rossignol

Apple appears to have prematurely revealed the name of its rumored lower-cost MacBook model, which is expected to be announced this Wednesday. A regulatory document for a "MacBook Neo" (Model A3404) has appeared on Apple's website. Unfortunately, there are no further details or images available yet. While the PDF file does not contain the "MacBook Neo" name, it briefly appeared in a link...

• 402 comments

Apple Announces $599 'MacBook Neo' With A18 Pro Chip

Wednesday March 4, 2026 6:15 am PST by Hartley Charlton

Apple today announced the "MacBook Neo," an all-new kind of low-cost Mac featuring the A18 Pro chip for $599. The MacBook Neo is the first Mac to be powered by an iPhone chip; the A18 Pro debuted in 2024's iPhone 16 Pro models. Apple says it is up to 50% faster for everyday tasks than the bestselling PC with the latest shipping Intel Core Ultra 5, up to 3x faster for on-device AI workloads,...

• 1335 comments

Apple Unveils Two New Products

Monday March 2, 2026 7:49 am PST by Joe Rossignol

Apple today introduced two new devices, including the iPhone 17e and an updated iPad Air. iPhone 17e features the same overall design as the iPhone 16e, but it gains Apple's A19 chip, MagSafe for magnetic wireless charging and magnetic accessories, Apple's second-generation C1X modem for faster 5G, and a doubled 256GB of base storage. In the U.S., the iPhone 17e starts at $599, just like the ...